Eliminating Scam Emails: With Outlook 365 Impersonation Protection.

Impersonation Protection

What is email impersonation?

Email Impersonation is when the scam sender’s email looks very similar to a real email from the intended sender’s email. Scammers often use an impersonated email address as a type of phishing attack to gain the trust of the recipient often requesting money or personal details such as bank information. Another type of impersonation to be where of is domain impersonation this is very similar to regular user impersonation but instead of targeting the use of the individual the attacker will impersonate the domain name as a whole.

Let’s have a look at a couple of examples of user impersonation:

So, your email could be jen@wrenhouse.org but an impersonator could use the email Jen@wreckhousee.org to try and deceive you into thinking they are the real Jen.

As an extra measure, Microsoft has also put an extra feature in place called a contact safety tip which encourages users to double-check the sender’s email address (for more information on this click here.)

Let’s have a look at an example of domain impersonation:

 Accounts@roofinglove.co.uk could be the domain email address and the impersonator could use the email Account@rooflove.co.uk as you can see these email addresses are very similar and could be easily mistaken for the real thing.

Microsoft’s impersonation policy means that any emails it deems as an impersonation attack will automatically be added to your junk folder in Outlook this includes any emails using your name or any emails that look like an impersonation of another colleague in your organization.

I mentioned phishing attacks before but what is a phishing attack?

phishing attacks are a type of cyber attack that targets users via email, text messages, and phone calls. The attacker’s goal is to steal personal information or credentials from the user. A phishing attack will most likely emphasize urgency in the message or call they send often requesting money or threatening a user and not allowing them time to stop and think if the source is legitimate.

How to implement impersonation protection for your business?

To enable impersonation protection, you will need to be assigned permissions to the Defender portal or Microsoft Entra (this is usually managed by your IT provider.) For more information about enabling impersonation protection or any other Business IT enquires please don’t hesitate to contact Liberate IT today!

Scroll to Top